What is missing?
Not explicit, or encoded.
Domain specific cookie
How does adtech/publish
Sam - hack an extension
Andrew- background reading - to try to figure out what we can express via the cookie
Sean - ICONS
Sal - JSON purposes
Go here for all the links to the Transparency & Consent Framework
Create a cookie that is honored by the advertiser selling space on wired.com
Are there configurations of the cookie as defined in the document that are person friendly so they don’t have to do this every time (maybe?) Can we change the bits to accomplish this?
If we can parse what is in the cookie/api we can suggest additional functionality (get them to add purposes)
Hack the cookie or hack the specification. (short term)
Hacking the cookie can make it easier for the user...
We can become the CMP… is this chosen by the vendor, if so we could then go to them indivually
And write a vendor consent cookie, that has specific (defined by us) purposes (only 6)
Can we create an EFF, Customer Commons CMP or set others up to do so…. And possibly create a consortium to do so (long term)
[NOTE: Here’s a blog about one vendor’s CMP https://www.sovrn.com/blog/sovrn-gdpr-cmp/ ]
We could do a rogue version.
Refer to JSON for specific references…
Publisher purposes consent cookie format could be flipped to achieve global purposes not vendor specific.
Using the official vendor list but can hack that.
https://vendorlist.consensu.org/vendorlist.json
Chrome Extension API for client side cookie hacking:
https://developer.chrome.com/extensions/cookies#method-set
https://hangouts.google.com/call/f71g1SrzihwRublHgFC2AAEE
Mechanics of Chrome extension
Base extention: https://github.com/TelegramSam/ConsentCookieManager
Mechanics of encoding
Mechanics of cookie extension.
Become the only CMP that could be chosen by the uers
Registered CMPs
http://advertisingconsent.eu/iab-europe-transparency-consent-framework-list-of-registered-cmps/
ID | Company Name | Website | Sub-Domain |
9 | Admiral | getadmiral.com | admiral.mgr.consensu.org |
2 | Chandago | chandago.com | appconsent.mgr.consensu.org |
23 | Conversant Europe Ltd. | conversantmedia.eu | conversant.mgr.consensu.org |
7 | Didomi | didomi.io | didomi.mgr.consensu.org |
3 | Faktor BV | faktor.io | faktor.mgr.consensu.org |
12 | Germantag Web Services | germantag.de | germantag.mgr.consensu.org |
10 | Quantcast International Limited | quantcast.com | quantcast.mgr.consensu.org |
6 | Sourcepoint Technologies, Inc. | sourcepoint.com | sourcepoint.mgr.consensu.or |
Purposes | IAB E Says | Customer Commons Says | Relevant GDPR Articles |
Storage and access of information | You can ask us to delete/forget when you want | Article 18 Right to restriction of processing Article 17 Right to erasure (‘right to be forgotten’) | |
Personalisation | Tracking (GDPR: Profiling) | Article 21 Right to object Article 22 Automated individual decision-making, including profiling | |
Ad selection, delivery, reporting | My topic prefs and exclusions | ||
Content selection, delivery, reporting | Where do I see the logs? | ||
Measurement (Analytics etc.) | Only aggregate info allowed (at least c. 10 subjects) | ||
Duration? | |||
Features | |||
Matching Data to Offline Sources | If you use my data to correlate me with my offline self, you will notify me | ||
Linking Devices | If you link my devices through pivotal data points I supply implicitly or explicitly, you will notify me? | ||
Precise Geographic Locations | |||
Vendors |
These are the currently-defined Features from the
https://vendorlist.consensu.org/vendorlist.json file
"features": [
{
"description": "Combining data from offline sources that were initially collected in other contexts.",
"id": 1,
"name": "Matching Data to Offline Sources"
},
{
"description": "Allow processing of a user's data to connect such user across multiple devices.",
"id": 2,
"name": "Linking Devices"
},
{
"description": "Allow processing of a user's precise geographic location data in support of a purpose for which that certain third party has consent.",
"id": 3,
"name": "Precise Geographic Location Data"
}
],
These are the currently-defined Purposes from the
https://vendorlist.consensu.org/vendorlist.json file
"purposes": [
{
"description": "The storage of information, or access to information that is already stored, on your device such as accessing advertising identifiers and/or other device identifiers, and/or using cookies or similar technologies.",
"id": 1,
"name": "Storage and access of information"
},
{
"description": "The collection and processing of information about your use of this site to subsequently personalize advertising for you in other contexts, i.e. on other sites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests which inform future selections.",
"id": 2,
"name": "Personalisation"
},
{
"description": "The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. ",
"id": 3,
"name": "Ad selection, delivery, reporting"
},
{
"description": "The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. ",
"id": 4,
"name": "Content selection, delivery, reporting"
},
{
"description": "The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the content.",
"id": 5,
"name": "Measurement"
}
],
Ad Vendors
{
"vendorListVersion": 9,
"lastUpdated": "2018-04-26T16:01:58Z",
"purposes": [
{
"id": 1,
"name": "Storage and access of information",
"description": "The storage of information, or access to information that is already stored, on your device such as accessing advertising identifiers and\/or other device identifiers, and\/or using cookies or similar technologies."
},
{
"id": 2,
"name": "Personalisation",
"description": "The collection and processing of information about your use of this site to subsequently personalize advertising for you in other contexts, i.e. on other sites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests which inform future selections."
},
{
"id": 3,
"name": "Ad selection, delivery, reporting",
"description": "The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. "
},
{
"id": 4,
"name": "Content selection, delivery, reporting",
"description": "The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. "
},
{
"id": 5,
"name": "Measurement",
"description": "The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the content."
}
],
"features": [
{
"id": 1,
"name": "Matching Data to Offline Sources",
"description": "Combining data from offline sources that were initially collected in other contexts."
},
{
"id": 2,
"name": "Linking Devices",
"description": "Allow processing of a user's data to connect such user across multiple devices."
},
{
"id": 3,
"name": "Precise Geographic Location Data",
"description": "Allow processing of a user's precise geographic location data in support of a purpose for which that certain third party has consent."
}
],
"vendors": [
{
"id": 8,
"name": "Emerse Sverige AB",
"policyUrl": "https:\/\/www.emerse.com\/privacy-policy\/",
"purposeIds": [
1,
2,
4
],
"legIntPurposeIds": [
3,
5
],
"featureIds": [
1,
2
]
},
{
"id": 12,
"name": "BeeswaxIO Corporation",
"policyUrl": "https:\/\/www.beeswax.com\/privacy.html",
"purposeIds": [
1,
3,
5
],
"legIntPurposeIds": [
],
"featureIds": [
3
]
},
{
"id": 28,
"name": "TripleLift, Inc.",
"policyUrl": "https:\/\/triplelift.com\/privacy\/",
"purposeIds": [
1,
3
],
"legIntPurposeIds": [
],
"featureIds": [
3
]
},
{
"id": 9,
"name": "AdMaxim Inc.",
"policyUrl": "http:\/\/www.admaxim.com\/privacy\/",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
1,
2,
3
]
},
{
"id": 27,
"name": "ADventori SAS",
"policyUrl": "https:\/\/www.adventori.com\/with-us\/legal-notice\/",
"purposeIds": [
2
],
"legIntPurposeIds": [
1,
3,
4,
5
],
"featureIds": [
]
},
{
"id": 25,
"name": "Oath (EMEA) Limited",
"policyUrl": "https:\/\/policies.oath.com\/ie\/en\/oath\/privacy\/index.html",
"purposeIds": [
1,
2
],
"legIntPurposeIds": [
3,
5
],
"featureIds": [
1,
2,
3
]
},
{
"id": 26,
"name": "Venatus Media Limited",
"policyUrl": "https:\/\/www.venatusmedia.com\/privacy\/",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
]
},
{
"id": 1,
"name": "Exponential Interactive, Inc",
"policyUrl": "http:\/\/exponential.com\/privacy",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
]
},
{
"id": 6,
"name": "AdSpirit GmbH",
"policyUrl": "http:\/\/www.adspirit.de\/privacy",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
]
},
{
"id": 30,
"name": "BidTheatre AB",
"policyUrl": "https:\/\/www.bidtheatre.com\/privacy-policy",
"purposeIds": [
1,
2,
3
],
"legIntPurposeIds": [
],
"featureIds": [
2,
3
]
},
{
"id": 24,
"name": "Conversant Europe Ltd.",
"policyUrl": "https:\/\/www.conversantmedia.eu\/legal\/privacy-policy",
"purposeIds": [
1
],
"legIntPurposeIds": [
2,
3,
4,
5
],
"featureIds": [
1,
2,
3
]
},
{
"id": 29,
"name": "Etarget SE",
"policyUrl": "https:\/\/www.etarget.sk\/privacy.php",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
1
]
},
{
"id": 39,
"name": "ADITION technologies AG",
"policyUrl": "adition.com\/datenschutz",
"purposeIds": [
],
"legIntPurposeIds": [
1,
2,
3,
4,
5
],
"featureIds": [
1,
2,
3
]
},
{
"id": 11,
"name": "Quantcast International Limited",
"policyUrl": "https:\/\/www.quantcast.com\/privacy\/",
"purposeIds": [
1
],
"legIntPurposeIds": [
2,
3,
4,
5
],
"featureIds": [
1
]
},
{
"id": 15,
"name": "Adikteev",
"policyUrl": "https:\/\/www.adikteev.com\/eu\/privacy\/",
"purposeIds": [
1,
2
],
"legIntPurposeIds": [
],
"featureIds": [
]
},
{
"id": 4,
"name": "Roq.ad GmbH",
"policyUrl": "https:\/\/www.roq.ad\/privacy-policy",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
2,
3
]
},
{
"id": 7,
"name": "Vibrant Media Limited",
"policyUrl": "https:\/\/www.vibrantmedia.com\/en\/privacy-policy\/",
"purposeIds": [
2,
3,
4,
5
],
"legIntPurposeIds": [
1
],
"featureIds": [
]
},
{
"id": 2,
"name": "Captify Technologies Limited",
"policyUrl": "http:\/\/www.captify.co.uk\/privacy-policy\/",
"purposeIds": [
2,
3,
5
],
"legIntPurposeIds": [
1
],
"featureIds": [
2
]
},
{
"id": 37,
"name": "NEURAL.ONE",
"policyUrl": "https:\/\/web.neural.one\/privacy-policy\/",
"purposeIds": [
1,
2,
3,
5
],
"legIntPurposeIds": [
],
"featureIds": [
1,
2
]
},
{
"id": 13,
"name": "Sovrn Holdings Inc",
"policyUrl": "https:\/\/www.sovrn.com\/sovrn-privacy\/",
"purposeIds": [
1,
2,
3
],
"legIntPurposeIds": [
],
"featureIds": [
2,
3
]
},
{
"id": 34,
"name": "NEORY GmbH",
"policyUrl": "https:\/\/www.neory.com\/privacy.html",
"purposeIds": [
1,
2,
4,
5
],
"legIntPurposeIds": [
3
],
"featureIds": [
]
},
{
"id": 32,
"name": "AppNexus Inc.",
"policyUrl": "https:\/\/www.appnexus.com\/en\/company\/platform-privacy-policy",
"purposeIds": [
1
],
"legIntPurposeIds": [
3
],
"featureIds": [
2,
3
]
},
{
"id": 10,
"name": "Index Exchange, Inc. ",
"policyUrl": "www.indexexchange.com\/privacy",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
2,
3
]
},
{
"id": 57,
"name": "ADARA MEDIA UNLIMITED",
"policyUrl": "https:\/\/adara.com\/2018\/04\/10\/adara-gdpr-faq\/",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
1,
2
]
},
{
"id": 63,
"name": "Avocet Systems Limited",
"policyUrl": "http:\/\/www.avocet.io\/privacy-policy",
"purposeIds": [
],
"legIntPurposeIds": [
1,
3
],
"featureIds": [
]
},
{
"id": 51,
"name": "xAd, Inc. dba GroundTruth",
"policyUrl": "https:\/\/www.groundtruth.com\/privacy-policy\/",
"purposeIds": [
1,
2,
3,
4,
5
],
"legIntPurposeIds": [
],
"featureIds": [
1,
2,
3
]
},
{
"id": 49,
"name": "Tradelab, SAS",
"policyUrl": "http:\/\/tradelab.com\/en\/privacy\/",
"purposeIds": [
1,
2,
3
],
"legIntPurposeIds": [
5
],
"featureIds": [
1,
2,
3
]
},
{
"id": 45,
"name": "Smart Adserver",
"policyUrl": "http:\/\/smartadserver.com\/company\/privacy-policy\/",
"purposeIds": [
1,
2
],
"legIntPurposeIds": [
3,
5
],
"featureIds": [
3
]
},
{
"id": 52,
"name": "The Rubicon Project, Limited",
"policyUrl": "http:\/\/rubiconproject.com\/rubicon-project-yield-optimization-privacy-policy\/",
"purposeIds": [
1
],
"legIntPurposeIds": [
2,
3,
4,
5
],
"featureIds": [
3
]
},
{
"id": 35,
"name": "Purch Group, Inc.",
"policyUrl": "http:\/\/www.purch.com\/privacy-policy\/",
"purposeIds": [
1
],
"legIntPurposeIds": [
3,
5
],
"featureIds": [
]
},
{
"id": 71,
"name": "Dataxu, Inc. ",
"policyUrl": "https:\/\/www.dataxu.com\/about-us\/privacy\/data-collection-platform\/",
"purposeIds": [
1,
2,
3
],
"legIntPurposeIds": [
],
"featureIds": [
1,
2,
3
]
},
{
"id": 79,
"name": "MediaMath, Inc.",
"policyUrl": "http:\/\/www.mediamath.com\/privacy-policy\/",
"purposeIds": [
1
],
"legIntPurposeIds": [
2,
3,
4,
5
],
"featureIds": [
1,
2,
3